Attachment 605403 Details for Bug 849368 – CVE-2012-3505-tinyproxy-randomized-hashmaps.patch

[patch] CVE-2012-3505-tinyproxy-randomized-hashmaps.patch

CVE-2012-3505-tinyproxy-randomized-hashmaps.patch (text/plain), 3.00 KB, created by Kurt Seifried on 2012-08-18 21:57:11 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Kurt Seifried

Created: 2012-08-18 21:57:11 UTC

Size: 3.00 KB

patch

obsolete

>diff --git a/src/child.c b/src/child.c
>index 34e20e0..16e39be 100644
>--- a/src/child.c
>+++ b/src/child.c
>@@ -20,6 +20,9 @@
>  * processing incoming connections.
>  */
> 
>+#include <stdlib.h>
>+#include <time.h>
>+
> #include "main.h"
> 
> #include "child.h"
>@@ -196,6 +200,7 @@ static void child_main (struct child_s *ptr)
>         }
> 
>         ptr->connects = 0;
>+	srand(time(NULL));
> 
>         while (!config.quit) {
>                 ptr->status = T_WAITING;
>diff --git a/src/hashmap.c b/src/hashmap.c
>index f46fdcb..a889b17 100644
>--- a/src/hashmap.c
>+++ b/src/hashmap.c
>@@ -25,6 +25,8 @@
>  * don't try to free the data, or realloc the memory. :)
>  */
> 
>+#include <stdlib.h>
>+
> #include "main.h"
> 
> #include "hashmap.h"
>@@ -50,6 +52,7 @@ struct hashbucket_s {
> };
> 
> struct hashmap_s {
>+        uint32_t seed;
>         unsigned int size;
>         hashmap_iter end_iterator;
> 
>@@ -65,7 +68,7 @@ struct hashmap_s {
>  *
>  * If any of the arguments are invalid a negative number is returned.
>  */
>-static int hashfunc (const char *key, unsigned int size)
>+static int hashfunc (const char *key, unsigned int size, uint32_t seed)
> {
>         uint32_t hash;
> 
>@@ -74,7 +77,7 @@ static int hashfunc (const char *key, unsigned int size)
>         if (size == 0)
>                 return -ERANGE;
> 
>-        for (hash = tolower (*key++); *key != '\0'; key++) {
>+        for (hash = seed; *key != '\0'; key++) {
>                 uint32_t bit = (hash & 1) ? (1 << (sizeof (uint32_t) - 1)) : 0;
> 
>                 hash >>= 1;
>@@ -104,6 +107,7 @@ hashmap_t hashmap_create (unsigned int nbuckets)
>         if (!ptr)
>                 return NULL;
> 
>+	ptr->seed = (uint32_t)rand();
>         ptr->size = nbuckets;
>         ptr->buckets = (struct hashbucket_s *) safecalloc (nbuckets,
>                                                            sizeof (struct
>@@ -201,7 +205,7 @@ hashmap_insert (hashmap_t map, const char *key, const void *data, size_t len)
>         if (!data || len < 1)
>                 return -ERANGE;
> 
>-        hash = hashfunc (key, map->size);
>+        hash = hashfunc (key, map->size, map->seed);
>         if (hash < 0)
>                 return hash;
> 
>@@ -382,7 +386,7 @@ ssize_t hashmap_search (hashmap_t map, const char *key)
>         if (map == NULL || key == NULL)
>                 return -EINVAL;
> 
>-        hash = hashfunc (key, map->size);
>+        hash = hashfunc (key, map->size, map->seed);
>         if (hash < 0)
>                 return hash;
> 
>@@ -416,7 +420,7 @@ ssize_t hashmap_entry_by_key (hashmap_t map, const char *key, void **data)
>         if (!map || !key || !data)
>                 return -EINVAL;
> 
>-        hash = hashfunc (key, map->size);
>+        hash = hashfunc (key, map->size, map->seed);
>         if (hash < 0)
>                 return hash;
> 
>@@ -451,7 +455,7 @@ ssize_t hashmap_remove (hashmap_t map, const char *key)
>         if (map == NULL || key == NULL)
>                 return -EINVAL;
> 
>-        hash = hashfunc (key, map->size);
>+        hash = hashfunc (key, map->size, map->seed);
>         if (hash < 0)
>                 return hash;
> 
>

Actions: View | Diff

Attachments on bug 849368: 605402 | 605403